Fixes and clarifications to app signature (or better certificate) pinning

2015-05-10 03:31:19 +02:00
parent 6e326fb000
commit e14a2efcad
4 changed files with 50 additions and 38 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
@@ -73,7 +73,7 @@ public class KeychainContract {

    interface ApiAppsColumns {
        String PACKAGE_NAME = "package_name";
-        String PACKAGE_SIGNATURE = "package_signature";
+        String PACKAGE_CERTIFICATE = "package_signature";
    }

    interface ApiAppsAccountsColumns {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
@@ -148,7 +148,7 @@ public class KeychainDatabase extends SQLiteOpenHelper {
            "CREATE TABLE IF NOT EXISTS " + Tables.API_APPS + " ("
                + BaseColumns._ID + " INTEGER PRIMARY KEY AUTOINCREMENT, "
                + ApiAppsColumns.PACKAGE_NAME + " TEXT NOT NULL UNIQUE, "
-                + ApiAppsColumns.PACKAGE_SIGNATURE + " BLOB"
+                + ApiAppsColumns.PACKAGE_CERTIFICATE + " BLOB"
            + ")";

    private static final String CREATE_API_APPS_ACCOUNTS =
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -45,7 +45,6 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
-import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
@@ -1415,7 +1414,7 @@ public class ProviderHelper {
    private ContentValues contentValueForApiApps(AppSettings appSettings) {
        ContentValues values = new ContentValues();
        values.put(ApiApps.PACKAGE_NAME, appSettings.getPackageName());
-        values.put(ApiApps.PACKAGE_SIGNATURE, appSettings.getPackageSignature());
+        values.put(ApiApps.PACKAGE_CERTIFICATE, appSettings.getPackageSignature());
        return values;
    }

@@ -1462,7 +1461,7 @@ public class ProviderHelper {
                settings.setPackageName(cursor.getString(
                        cursor.getColumnIndex(KeychainContract.ApiApps.PACKAGE_NAME)));
                settings.setPackageSignature(cursor.getBlob(
-                        cursor.getColumnIndex(KeychainContract.ApiApps.PACKAGE_SIGNATURE)));
+                        cursor.getColumnIndex(KeychainContract.ApiApps.PACKAGE_CERTIFICATE)));
            }
        } finally {
            if (cursor != null) {
@@ -1575,10 +1574,10 @@ public class ProviderHelper {
        return fingerprints;
    }

-    public byte[] getApiAppSignature(String packageName) {
+    public byte[] getApiAppCertificate(String packageName) {
        Uri queryUri = ApiApps.buildByPackageNameUri(packageName);

-        String[] projection = new String[]{ApiApps.PACKAGE_SIGNATURE};
+        String[] projection = new String[]{ApiApps.PACKAGE_CERTIFICATE};

        Cursor cursor = mContentResolver.query(queryUri, projection, null, null, null);
        try {